Govts should focus on cybersecurity education, not militarization

Educating citizens, partnering private sector organizations and assisting developing nations more helpful in preventing cyberattacks, stress government officials.

SINGAPORE--Governments should spend more time and effort educating citizens and other countries on existing online threats and forge partnerships with private sector organizations rather than militarize the cyber arena.

According to Yaacob Ibrahim, Singapore's minister for information, communications and the arts (MICA), the ICT environment has become very dynamic with constantly emerging technologies. These include mobile devices and on-demand, cloud-based resources which are increasingly being adopted by individuals and organizations, he said. The minister was speaking at the Information Security Seminar 2012 held here on Wednesday.

While these new technologies help increase business efficiency, they also open organizations up to security threats, Ibrahim pointed out. The increasing number of cyberattacks globally, driven by well-resourced hacktivist groups and organized cybercriminal groups with government links, mean that critical infrastructure are now at risk of being breached.

Stuxnet and Duqu --two attacks that were deployed in 2011 to penetrate such core systems--are examples of threats that can potentially cause widespread chaos, the minister added.

As such, stronger ICT awareness among individuals and organizations is needed to remind them to exercise personal responsibility in adopting secure online practices, he advised. In Singapore, for instance, the Cyber Security Awareness Alliance leveraged various social media platforms such as Facebook and Twitter to engage the community's interest and share tips on IT security, he noted.

Howard Schmidt, former special assistant to the U.S. president and cybersecurity coordinator of the White House, added that governments need to understand their roles and responsibilities with regard to managing ICT.

Also speaking on Wednesday, Schmidt said many governments today are engaging in the militarization of cyberspace but this is the wrong mentality to adopt. Instead, he urged them to be more involved in helping their own citizens and other countries in terms of raising awareness and education, as well as forging strong partnerships with private sectors.

He said since governments possess cybersecurity intelligence that the private sector might not have, they should look into sharing threat information. The U.S. is one example, with the government passing its cybersecurity bill which allows it to share user details to specific industry players such as Internet service providers so as to help fend off online attacks, he noted.

That said, governments need to be careful on the kinds of information they are looking to share, as there needs to be a line drawn where data that may harm the country's economy should stay confidential, he added.

In terms of inter-governmental support, Schmidt called for cybersecurity aid to be given to developing countries since they do not have the proper awareness and technical tools to understand the fast-evolving arena. Should they be ignored, cybercriminals will not hesitate to look to these countries as the next generation of victims, he warned.

"We cannot decrease the amount of threats or slow down technology development and adoption, but we can certainly increase awareness and prevent people and companies from suffering consequences of a cyberattack," he said.